---

# Base packages for this role: GnuPG for the repository key, PostgreSQL plus
# the psycopg2 driver used by the database modules, and HTTPS transport for apt.
# NOTE(review): later tasks in this file call curl and the git module, but
# neither curl nor git is installed here - confirm they are provided elsewhere.
- name: Install dependencies
  ansible.builtin.apt:
    pkg:
      - gpg
      - postgresql
      - python3-psycopg2
      - apt-transport-https
    state: present

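# Downloads the NodeSource archive key and stores it de-armored under
# /usr/share/keyrings. pipefail makes a failed download fail the task instead
# of being masked by gpg's exit status; it needs bash, hence `executable`.
# NOTE(review): the key is trusted on first download over HTTPS with no
# fingerprint or checksum comparison - consider verifying it against a value
# obtained out of band. If a failed run leaves an empty or partial keyring
# behind, `creates` will skip this task on later runs; remove the file before
# retrying.
- name: Import nodesource signing key
  ansible.builtin.shell:
    cmd: >-
      set -o pipefail &&
      curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key
      | gpg --dearmor -o /usr/share/keyrings/nodesource.gpg
    executable: /bin/bash
    creates: /usr/share/keyrings/nodesource.gpg
  notify: apt update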

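# Renders the NodeSource apt source list and notifies the `apt update`
# handler when the file changes.
- name: Install nodesource source list
  ansible.builtin.template:
    src: nodesource.list
    dest: /etc/apt/sources.list.d/nodesource.list
    owner: root
    group: root
    # Quoted so the mode is always passed as an octal string and never
    # reinterpreted as a YAML integer.
    mode: "0644"
  notify: apt update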

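# Renders the apt preferences file for nodejs and notifies the `apt update`
# handler when the file changes.
- name: Install nodejs apt preference
  ansible.builtin.template:
    src: nodejs-apt-pref
    dest: /etc/apt/preferences.d/nodejs
    owner: root
    group: root
    # Quoted so the mode is always passed as an octal string and never
    # reinterpreted as a YAML integer.
    mode: "0644"
  notify: apt update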

# Run any handlers notified so far right now, before the nodejs install that
# follows, instead of waiting for the end of the play.
- name: Flush handlers before installing nodejs
  ansible.builtin.meta: flush_handlers

# Installs the nodejs package. `state: present` is the apt module's default
# and is spelled out only for readability.
- name: Install nodejs
  ansible.builtin.apt:
    state: present
    name: nodejs

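# Creates the PostgreSQL login role for the application while running as the
# postgres OS account. The role name is taken from etherpad_db_user, the same
# variable the database task uses for its owner, so the two cannot drift
# apart. no_log keeps the password out of task output and logs.
- name: Add database user
  become: true
  become_method: su
  become_user: postgres
  no_log: true
  community.postgresql.postgresql_user:
    name: "{{ etherpad_db_user }}"
    password: "{{ etherpad_db_password }}"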

# Creates the application database as the postgres OS account and assigns
# ownership to the role named by etherpad_db_user.
- name: Add database
  community.postgresql.postgresql_db:
    owner: "{{ etherpad_db_user }}"
    name: "{{ etherpad_db_name }}"
  become: true
  become_user: postgres
  become_method: su

# Creates the OS account that owns the etherpad checkout and log file.
# No shell is set, so the system default applies; a later task in this file
# switches to this account with su.
- name: Add etherpad user
  ansible.builtin.user:
    home: /var/lib/etherpad
    name: etherpad

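# Ensures the log file exists and is owned by the etherpad account.
# `state: touch` on its own rewrites the timestamps and reports "changed" on
# every run; preserving both times keeps the task idempotent.
- name: Create log file
  ansible.builtin.file:
    path: /var/log/etherpad.log
    state: touch
    owner: etherpad
    group: etherpad
    # Quoted so the mode is always passed as an octal string.
    mode: "0644"
    modification_time: preserve
    access_time: preserve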

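# Creates the checkout directory, owned by the etherpad account so the clone
# task (which runs as that account) can write into it.
- name: Create source directory
  ansible.builtin.file:
    path: /opt/etherpad
    state: directory
    owner: etherpad
    group: etherpad
    # Quoted so the mode is always passed as an octal string.
    mode: "0755"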

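# Checks out the etherpad source as the etherpad account and notifies the
# restart handler when the checkout changes.
# The ref is overridable through etherpad_version and falls back to the
# master branch. Tracking a branch means every run can deploy upstream
# commits that nobody has reviewed; set etherpad_version to a release tag or
# a full commit SHA to pin what gets deployed.
- name: Clone etherpad source
  become: true
  become_method: su
  become_user: etherpad
  ansible.builtin.git:
    repo: https://github.com/ether/etherpad-lite.git
    version: "{{ etherpad_version | default('master') }}"
    dest: /opt/etherpad
    accept_hostkey: true
  notify: restart etherpad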

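# Renders the etherpad settings file into the checkout and notifies the
# restart handler when it changes.
# NOTE(review): the template is not shown here; if it embeds
# etherpad_db_password, mode 0644 leaves that credential readable by every
# local account. Consider group etherpad with mode "0640" once the account
# the service runs as has been confirmed.
- name: Install etherpad config
  ansible.builtin.template:
    src: settings.json
    dest: /opt/etherpad/settings.json
    owner: root
    group: root
    # Quoted so the mode is always passed as an octal string.
    mode: "0644"
  notify: restart etherpad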

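# Renders the systemd unit for etherpad and notifies the restart handler when
# it changes. Root ownership keeps the unit from being edited by the service
# account.
- name: Install etherpad service
  ansible.builtin.template:
    src: etherpad.service
    dest: /etc/systemd/system/etherpad.service
    owner: root
    group: root
    # Quoted so the mode is always passed as an octal string.
    mode: "0644"
  notify: restart etherpad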

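# Reloads systemd's unit definitions, then makes sure the etherpad service is
# running and enabled at boot. Booleans are written as true/false so they
# parse the same under every YAML loader.
- name: Start etherpad
  ansible.builtin.systemd:
    name: etherpad
    daemon_reload: true
    state: started
    enabled: true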

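# Renders the nginx site for etherpad directly into sites-enabled and
# notifies the reload handler when it changes.
# NOTE(review): nginx itself is not installed by this file - confirm another
# role provides it before this task runs.
- name: Install nginx config
  ansible.builtin.template:
    src: nginx-site.conf
    dest: /etc/nginx/sites-enabled/etherpad
    owner: root
    group: root
    # Quoted so the mode is always passed as an octal string.
    mode: "0644"
  notify: reload nginx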

# Inserts INPUT rules accepting new TCP connections to ports 80 and 443 for
# both IPv4 and IPv6, and notifies the persist handler on change.
# Skipped entirely when the nft variable is truthy.
- name: Allow HTTP and HTTPS
  when: not nft | bool
  ansible.builtin.iptables:
    ip_version: "{{ item.ip }}"
    chain: INPUT
    protocol: tcp
    destination_port: "{{ item.port }}"
    ctstate: NEW
    action: insert
    jump: ACCEPT
  loop:
    - ip: ipv4
      port: 80
    - ip: ipv4
      port: 443
    - ip: ipv6
      port: 80
    - ip: ipv6
      port: 443
  notify: persist iptables